Phishing Cited by SMBs as Top Attack Threat

A new survey of 600 IT decision makers at small-to-midsized businesses (SMBs) found that nearly all SMBs are conducting some form of employee cybersecurity awareness training, which could be due in part to the fear of phishing.

It might seem promising to note that the new global report, Webroot SMB Cybersecurity Preparedness, found almost 100% of businesses train their employees in cybersecurity awareness. However, the report also found that the number significantly decreases for ongoing training practices, with only 39% of companies reporting that they educate employees continuously throughout the duration of employment.

Yet the report found that businesses in the US, UK and Australia are taking cybersecurity seriously. It revealed a shift in the attacks organizations believed themselves to be most susceptible to in 2017. Also noteworthy was the finding that the estimated cost of a breach is decreasing.

While phishing ranked third for most dangerous threat in 2017, it topped the chart for 2018. Nearly half (48%) of respondents identified phishing attacks as the top perceived threat , and 45% said that their business will be susceptible to DNS attacks. Overall, phishing displaced new forms of malware, which fell to number six, behind distributed denial-of-service (DDoS) and mobile attacks. Ransomware grew from fifth place in 2017 to third in 2018; however, the responses varied by geography.

The large majority of SMBs in the UK (69%) reported that their businesses were almost completely ready to manage IT security and protect against threats, while only 54% of SMBs in both the US and Australia reported the same.

“As our study shows, the rise of new attacks is leaving SMBs feeling unprepared. One of the most effective strategies to keep your company safe is with a layered cybersecurity strategy that can secure users and their devices at every stage of an attack, across every possible attack vector. And for many businesses, relying on a managed service provider (MSP) when time and expertise aren’t readily available is a crucial step to strengthen their security efforts,” Charlie Tomeo, vice president of worldwide business sales, Webroot, said in a press release.